[Remote] Continuity & Security Assurance Analyst

Note: The job is a remote job and is open to candidates in USA. Government Employees Health Association, Inc. (G.E.H.A) is a nonprofit member association that provides health and dental benefits to federal employees and their families. The Continuity and Security Assurance Analyst supports the Cybersecurity and Information Protection program by executing security, compliance, and business continuity initiatives, ensuring the resilience and security of G.E.H.A’s systems and data.

Responsibilities

• Develop and execute security, compliance, and risk assessment plans aligned to regulatory requirements, industry standards, and G.E.H.A policies
• Monitor security programs and systems, analyze logs and activities, and identify control gaps, anomalies, or areas of elevated risk
• Perform audits across key control areas, including Data Loss Prevention (DLP), inbound email security/quarantine processes, and user access management
• Perform and support periodic user access control reviews, including validation of user entitlements, identification of inappropriate or excessive access, coordination with business owners, and tracking remediation of identified issues
• Review and troubleshoot compliance requests to ensure alignment with G.E.H.A security policies, standards, and applicable legal/regulatory requirements
• Conduct ongoing compliance monitoring activities, including documentation, evidence collection, and remediation tracking for identified issues
• Evaluate existing processes and controls, identify areas for improvement, and develop actionable remediation plans to strengthen compliance and security posture
• Support internal and external audits by preparing documentation, coordinating responses, and validating control effectiveness
• Create, maintain, and enhance security documentation, procedures, and control artifacts to support governance and audit readiness
• Support the execution of security awareness and training initiatives
• Contribute to the development and continuous improvement of programs that ensure the availability and resilience of G.E.H.A’s information systems and data
• Support the Business Continuity and Disaster Recovery (BCDR) program, including planning, documentation, testing, and continuous improvement activities
• Assist in the Third Party Risk Management program, including review and analysis of third-party maturity assessments, SOC reports, and HITRUST certifications
• Monitor third-party security posture and identify risks, gaps, and opportunities for improvement across G.E.H.A’s vendor ecosystem

Skills

• Bachelor's degree in Computer Science, Information Systems, or a related discipline
• Three (3) or more years of experience in Information Technology, Information Security, IT Assurance, Risk Management, Governance, or Business Continuity
• Equivalent combinations of education and additional experience may be considered in lieu of formal degree or certification requirements
• One or more industry certifications such as: CISSP, HCISPP, CRMA, CGEIT, CRISC, CISM, CISA, CBCP, GIAC, or similar governance, risk, security, or BCDR certifications
• Working knowledge of governance, risk, and compliance frameworks such as: COSO, COBIT, ITIL, ISO 31000, ISO 27002, ISO 22301, NIST CSF, NIST 800‑53, and SANS Critical Security Controls
• Experience with enterprise Governance, Risk, and Compliance (GRC) platforms (e.g., Archer, MetricStream, LockPath, etc.)
• Proficiency with Microsoft Office applications
• Strong analytical and problem-solving skills with the ability to identify risk and recommend practical solutions
• Effective written and verbal communication skills, including the ability to translate technical risks into business-focused language
• Ability to build relationships, influence stakeholders, and collaborate across multiple business units and teams
• Strong organizational skills with the ability to manage multiple priorities in a fast-paced environment
• Customer service orientation with a focus on delivering high-quality, accurate outcomes
• Effective presentation and interpersonal skills
• Must have the ability to provide a non-cellular High Speed Internet Service such as Fiber, DSL, or cable Modems for a home office
• A minimum standard speed for optimal performance of 30x5 (30mpbs download x 5mpbs upload) is required
• Latency (ping) response time lower than 80 ms
• Hotspots, satellite and wireless internet service is NOT allowed for this role
• A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information

Benefits

• Competitive pay/salary ranges
• Incentive plan
• Health/Vision/Dental benefits effective day one
• 401(k) retirement plan:  company match – dollar for dollar up to 4% employee contribution (pretax or Roth options) plus a 6% annual company contribution
• Robust employee well-being program
• Paid Time Off
• Personal Community Enrichment Time
• Company-provided Basic Life and AD&D
• Company-provided Short-Term & Long-Term Disability
• Tuition Assistance Program
• Hybrid and work-from-home options for many of our roles

Company Overview